What Happens When the N.S.A. Gets Sloppy

All institutions make mistakes, but when an organization as vast and unsupervised as the National Security Agency gets sloppy, the mistakes quickly amount to a serious abuse of government authority. Barton Gellman’s article today in the Washington Post was remarkable not just because it showed widespread incompetence by the agency, but because it showed the real dangers in allowing the N.S.A. to exercise overly broad power with almost no oversight.

The article, based largely on an internal agency audit leaked by Edward Snowden, said the agency breaks privacy rules and the limits on its authority thousands of times a year — specifically, in 2,776 incidents between May of 2011 and 2012, with each “incident” compromising the privacy of multiple people, often thousands of people. Though most of the mistakes were unintentional, the N.S.A. wound up collecting data it was not supposed to obtain on people who should not have been spied upon.
At one point, it collected a “large number” of call records from Washington because a programmer typed in the area code 202 instead of the Egyptian dialing code of 20, the audit showed. The N.S.A. also improperly examined data on 3,000 Americans and green-card holders. Many of the incidents took place when foreigners brought to the United States cell phones that were being tapped without a warrant. (Outside of the country, that’s legal. Within the country, a warrant is mandatory.)

The N.S.A.’s lame explanation for the breathtaking scope of its mistakes was that “we’re a human-run agency operating in a complex environment,” according to one unnamed senior official. Yes, but it was humans who created that immense complexity, building a supercomputer network that automates the task of surveillance, making it possible for a careless technological error to cascade into an abuse of privacy that affected many thousands of innocent people.

If the N.S.A. were operating on a more reasonable sense of scale — collecting phone records only on people who are terror suspects, for example, rather than on every American — mistakes would not be as costly. But it has taken on powers that it was not granted by Congress, and it is not clear whether it fully briefs lawmakers and outside officials on its own mistakes. One top-secret memo instructed the agency’s internal auditors not to reveal certain details to the Justice Department.

The lack of oversight revealed in The Post’s report is staggering. The agency improperly diverted foreign data passing through fiber-optic cables in the United States for months before the Foreign Intelligence Surveillance Court ruled that practice unconstitutional in 2011. The chief judge of the court, Reggie Walton, admitted to the newspaper that the court cannot independently verify what the agency is doing, or whether the agency’s accounting of its own mistakes is accurate, except based on information from the agency itself. “The FISC does not have the capacity to investigate issues of noncompliance,” Mr. Walton said.

So much for President Obama’s recent assurance that the government is not abusing its authority. And Congress, as usual, is nowhere to be found. Senator Dianne Feinstein, chairwoman of the Intelligence Committee, hadn’t even seen a copy of the audit until the Post asked her staff about it. She then admitted the committee should do more to ensure that the N.S.A.’s operations are authorized.

Nancy Pelosi, the House Democratic leader, called the report “extremely disturbing” and demanded more oversight, but where have she and her colleagues been? A few prescient lawmakers have for years demanded that Congress do a better job of exercising its responsibilities, but have gotten nowhere.

As Jameel Jaffer of the American Civil Liberties Union noted today, “it makes no sense at all to let the intelligence community police itself.” If this report doesn’t wake up Washington to the dangers of an unchecked spy bureaucracy, nothing will.

Update: Senators Ron Wyden and Mark Udall just issued a statement saying the mistakes and rule-breaking reported by the Washington Post are just the “tip of the iceberg” of a much larger body of classified violations, which they are unable to reveal. In particular, they said, the public needs to know more about the N.S.A.’s violations of the secret court’s orders that allow bulk collection of data on Americans. The court, they said, needs to be restructured to make it a more effective check on executive-branch power.

Correction: August 16, 2013An earlier version of this post misstated the first name of Sen. Udall. It is Mark, not Tom.